Registry auth shows changes on every run

[jtmarmon]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Related to https://github.com/pulumi/pulumi-docker/pull/498

We use AWS ECS with the pulumi docker provider like so:

const creds = aws.ecr.getAuthorizationToken({
  registryId: accountId,
})

export const dockerProvider = new docker.Provider("docker-provider", {
  registryAuth: [
    {
      username: creds.apply((c) => c.userName),
      password: creds.apply((c) => c.password),
      address: creds.apply((c) => c.proxyEndpoint),
    },
  ],
});

Because the password changes every time, and the entire registryAuth object is a secret, pulumi up shows a change on every run. Not sure if there's a way to work around this, but it would be great to be able to ignore the password changes (which is what I believe is actually changing each time, where the address and username are static)

[jtmarmon]

Hey @mjeffryes - I see this got tagged area/docs - is this a user error that I can easily fix somehow?

[mjeffryes]

alas, no, I just fat fingered the labels

[blampe]

@jtmarmon for what it's worth, if your use case is limited to only building images the new docker-build provider doesn't have this problem.

[jtmarmon]

Thanks @blampe - in our case it's for fetching the latest image sha for setting the docker image on our K8s deployments using getRegistryImage so I think we'd have to stick with the docker provider